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Amendments to the Claims : 

This listing of claims replaces all prior versions and listings of claims in the application: 
Listing of Claims : 

1. (Currently Amended) A computer-implemented method for managing access to 
electronic documents, comprising: 

associating a first key with an encrypted document decryption key, the encrypted 
document decryption key being associated with an encrypted document, the encrypted document 
decryption key when decrypted yielding a document decryption key usable to decrypt the 
encrypted document, the first key being usable to decrypt the encrypted document decryption 
key; 

encrypting the first key to produce an encrypted first key; 

providing the encrypted first key in a first access controlled manner to users for use in 
opening the encrypted document; 

associating with the encrypted first key a second key that can be used to decrypt the 
encrypted first key; and 

providing the second key in a second [[an]] access controlled manner to users for use in 
opening all documents that can be opened through use of the first ke y, the second access 
controlled manner being distinct from the first access controlled manner . 

2. (Previously Presented) The method of claim 1, further comprising: 
storing the encrypted document decryption key in the encrypted document. 

3. (Canceled) 

4. (Original) The method of claim 1 , further comprising: 

providing a second encrypted document decryption key for a second encrypted document, 
the second encrypted document decryption key when decrypted yielding a document decryption 
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key usable to decrypt the second document, the second encrypted document decryption key 
being encrypted so that the first key is usable to decrypt the second encrypted document 
decryption key; and 

associating the first key with the second encrypted document decryption key. 

5. (Original) The method of claim 4, further comprising: 

providing a third encrypted document decryption key for the second encrypted document, 
the third encrypted document decryption key when decrypted yielding a document decryption 
key usable to decrypt the second document, the third encrypted document decryption key being 
encrypted so that a third key is usable to decrypt the third encrypted document decryption key; 

associating the third key with the third encrypted document decryption key; and 

providing the third key in an access controlled manner to users for use in opening the 
second document. 

6. (Previously Presented) The method of claim 1 , further comprising: 

associating a third key with a second encrypted document decryption key for a second 
document, the second encrypted document decryption key when decrypted yielding a document 
decryption key usable to decrypt the second document, the second encrypted document 
decryption key being encrypted so that the third key is usable to decrypt the second encrypted 
document decryption key. 

7. (Original) The method of claim 6, further comprising: 
encrypting the third key; 

associating the second key with the encrypted third key, the second key being usable to 
decrypt the encrypted third key; and 

providing the second key in an access controlled manner to users for use in opening all 
documents that can be opened through use of the third key. 

8. (Previously Presented) The method of claim 1, wherein providing the second key in an 
access controlled manner comprises sending the second key to users in rights management 
information specific to systems of the users to whom the second key is sent. 
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9. (Original) The method of claim 8, wherein the rights management information comprises 
a rights management file. 

10. (Previously Presented) The method of claim 1 , wherein providing the second key in an 
access controlled manner comprises sending information used to synthesize the second key in 
rights management information. 

1 1 . (Previously Presented) The method of claim 1 , wherein associating further comprises: 
storing the encrypted first key in rights management file information for the first key. 

12. (Original) The method of claim 11, further comprising: 
associating a unique identifier with the second key; 

and storing the unique identifier in the rights management information with the encrypted 



13. (Previously Presented) The method of claim 1, further comprising: 

providing a document decryption key in an access controlled manner to users for opening 
the encrypted document without using the first key. 

14. (Original) The method of claim 2, further comprising: 
associating a unique identifier with the first key. 

15. (Original) The method of claim 14, wherein the unique identifier is stored in the 
document in association with the encrypted document decryption key to associate the first key 
with the encrypted document decryption key. 

1 6. (Original) The method of claim 1 0, wherein the rights management information provides 
a license and defines a set of permission rights associated with the license. 

1 7. (Original) The method of claim 1 6, wherein the set of permission rights specifies a right 
allowing another key to be associated with the rights management information so that a holder of 
such a key has access to the first key. 



first key. 
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18. (Original) The method of claim 1 6, wherein the set of permission rights specifies a right 
allowing a holder of the first key to add to a second encrypted document a second encrypted 
document decryption key that can be decrypted by the first key and, when decrypted by the first 
key, yielding a second document decryption key that is usable to decrypt the encrypted second 
document. 

19. (Original) The method of claim 16, wherein multiple keys are usable to decrypt the 
encrypted document decryption key directly or indirectly, wherein the multiple keys are provided 
to users in rights management information, and wherein the encrypted document specifies 
permission rights including a right to override one or more permission rights specified by rights 
management information for any one or more of the multiple keys. 

20. (Original) The method of claim 19, wherein the rights management information 
comprises a rights management file. 

21 . (Original) The method of claim 1 9, wherein the rights management file is specific to a 
particular user. 

22. (Original) The method of claim 19, wherein the rights management file is specific to a 
particular user-operated system. 

23. (Original) The method of claim 1, wherein the encrypted document decryption key is 
encrypted by an encryption key that is different from the first key. 

24. (Original) The method of claim 23, wherein the first key is a public key and the 
encryption key is a private key. 

25. (Previously Presented) The method of claim 24, wherein providing the first key in an 
access controlled manner comprises sending information used to synthesize the first key in a 
rights management file. 

26. (Currently Amended) A computer-implemented method for accessing an electronic 
document, comprising: 
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obtaining an encrypted electronic document; 

obtaining a collection of three or more keys, the keys including keys that are encrypted, 
the keys and the document having at least two associations defined between certain pairs of 
them, where eaeh-at least one association [[of]] is_a pair consisting of a first key and an 
encrypted second key indicates that the first key can be used to decrypt and thereby make usable 
the second key, where at least one association is a pair consisting of the encrypted second key 
and an encrypted third key, the association indicating that the decrypted second key can be used 
to decrypt and thereby make usable the third key, where each association of a pair consisting of 
an encrypted document decryption key and the encrypted document indicates that the encrypted 
document decryption key, when decrypted, can be used to decrypt the encrypted document, and 
where a user has access to and can use certain ones of the keys in the collection; 

using the associations to identify at least one key in the collection that is usable, directly 
or indirectly, to open the encrypted document, and to which the user has access. 

27. (Original) The method of claim 26, wherein the associations are represented as a directed 
graph, with each node representing a key or the document, with one or more nodes representing 
keys accessible to the user, and with one or more edges pointing to the document, and wherein 
using the associations to identify at least one key comprises: 

finding a path in the directed graph to the node representing the document from one of 
the nodes representing keys accessible to the user. 

28. (Original) The method of claim 27, further comprising: 

following the path and decrypting each of the keys represented by nodes along the path 
in turn until an encrypted document decryption key for the document is decrypted. 

29. (Original) The method of claim 28, wherein each encrypted key is identified by two IDs, 
including a first ID corresponding to the encrypted key and a second ID corresponding to another 
of the keys capable of decrypting the encrypted key. 

30. (Original) The method of claim 29, wherein two or more second IDs correspond to the 
same first ID, and each of the two or more second IDs and the encrypted keys to which they 
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correspond are stored as separate entries in an array of entries, each of the entries being indexed 
by the same first ID. 

3 1 . (Original) The method of claim 29, wherein each encrypted key is stored with the 
corresponding second ID as an entry in an array and each entry is indexed by the corresponding 



32. (Previously Presented) A computer-implemented method for managing access to 
encrypted electronic documents, comprising: 

providing in an access controlled manner multiple skeleton decryption keys for multiple 
encrypted documents, where a single skeleton key can be used to open multiple encrypted 
documents, a single encrypted document can be opened using more than one skeleton key, and a 
single skeleton key can be opened using one or more other skeleton keys; 

each single skeleton key being a key usable to decrypt one or more secondary decryption 
keys; and 

each secondary decryption key being a skeleton key or a decryption key for an encrypted 
document; 

whereby one or more skeleton keys can be issued for a document or a set of documents, 
and a holder of a particular skeleton key can open any document to which the particular skeleton 
key applies, directly or indirectly. 

33. (Original) The method of claim 32, wherein the skeleton keys are distributed to users in 
rights management files. 

34. (Currently Amended) A computer program product, tangibly embodied on a 
machine-readable medium, for managing access to encrypted electronic documents, comprising 
instructions operable to cause a programmable processor to: 

associate a first key with an encrypted document decryption key, the encrypted document 
decryption key being associated with a document, the encrypted document decryption key when 
decrypted yielding a document decryption key usable to decrypt the document, the first key 
being usable to decrypt the encrypted document decryption key; 



first ID. 
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encrypt the first key to create an encrypted first key; 

providing the first key in a first access controlled manner to users for use in opening the 

encrypted document; 

associate with the encrypted first key a second key that can be used to decrypt the 
encrypted first key; and 

provide the second key in a second [[an]] access controlled manner to users for use in 
opening all documents that can be opened through use of the first ke y, the second access 
controlled manner being distinct from the first access controlled manner . 

35. (Currently Amended) A computer program product, tangibly embodied on a 
machine-readable medium, for accessing an electronic document, comprising instructions 
operable to cause a programmable processor to: 

obtain an encrypted electronic document; 

obtain a collection of keys, the keys including keys that are encrypted, the keys and the 
document having at least two associations defined between certain pairs of them, where e ach at 
least one association [[of]] is_a pair consisting of a first key and an encrypted second key 
indicates that the first key can be used to decrypt and thereby make usable the second key, where 
at least one association is a pair consisting of the encrypted second key and an encrypted third 
key, the association indicating that the decrypted second key can be used to decrypt and thereby 
make usable the third key, where each association of a pair consisting of an encrypted document 
decryption key and the encrypted document indicates that the encrypted document decryption 
key, when decrypted, can be used to decrypt the encrypted document, and where a user has 
access to and can use certain ones of the keys in the collection; and 

use the associations to identify at least one key in the collection that is usable, directly or 
indirectly, to open the encrypted document, and to which the user has access. 

36. (Previously Presented) A computer program product, tangibly embodied on a 
machine-readable medium, for managing access to encrypted electronic documents, comprising 
instructions operable to cause a programmable processor to: 

provide in an access controlled manner multiple skeleton decryption keys for multiple 
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encrypted documents, where a single skeleton key can be used to open multiple encrypted 
documents, a single encrypted document can be opened using more than one skeleton key, and a 
single skeleton key can be opened using one or more other skeleton keys; 

each single skeleton key being a key usable to decrypt one or more secondary decryption 
keys; and 

each secondary decryption key being a skeleton key or a decryption key for an encrypted 
document; 

whereby one or more skeleton keys can be issued for a document or a set of documents, 
and a holder of a particular skeleton key can open any document to which the particular skeleton 
key applies, directly or indirectly. 

37. (Canceled) 

38. (Previously Presented) The method of claim 1, wherein multiple keys are usable to 
decrypt the encrypted document decryption key directly or indirectly, wherein the multiple keys 
are provided to users in rights management information, and wherein the encrypted document 
specifies permission rights including a right to override one or more permission rights specified 
by rights management information for any one or more of the multiple keys. 



